AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

Listing Of Claims 
1-19. (Cancelled) 

20. (Currently Amended) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users; 

an intrusion detection system onboard the mobile platform and connected to the 
onboard network; and 

an onboard security management system responsive to the intrusion detection 
system adapted to initiate for initiating an action to stop intrusion based on a set of 
policies , and such that the action is directed to one or more selected user access points ; 

wher e in, if an update is necessary , th o policies being updat e d said onboard 
security management system further adapated to update said set of policies during the 
time that the intermittent link has connection; 

a status indicator to indicate a status of the onboard network . 

21. (Previously Presented) The security system as recited in claim 20, 
wherein initiating the action to stop intrusion comprises sending a warning message to 
the user. 
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22. (Previously Presented) The security system as recited in claim 20, 
wherein initiating the action to stop intrusion comprises disconnecting the user's access 
to the onboard network. 

23. (Previously Presented) The security system as recited in claim 20, 
wherein the onboard security management system further operates to provide an alert 
message to the terrestrial-based system when an intrusion event is detected. 

24. (Previously Presented) The security system as recited in claim 20, 
wherein the onboard security management system further operates to install a network 
traffic blocking filter on one of a plurality of user access points of the onboard network. 

25. (Previously Presented) The security system as recited in claim 20, 
wherein the action to stop intrusion is directed to a specific one of a plurality of user 
access points of the onboard network. 

26. (Currently Amended) The security system recited in claim 20, wherein the 
onboard security manag or maintains an said status indicator provides a status of a 
current operational state of each one of a plurality of network user access points of the 
onboard network. 

27. (Previously Presented) The security system recited in claim 26, wherein 
the indicator indicates one of: 
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a normal operational state; 

a suspect operational state wherein an intrusion event is suspected; and 
a disconnect state in which access by a user of a specific access point on the 
onboard network is prevented. 

28. (Previously Presented) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users; 

an intrusion detection system onboard the mobile platform and connected to the 
onboard network for detecting if a potential intrusion event has occurred; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies; 

wherein: 

the action can be directed to at least a selected one of a plurality of user 
access points on the onboard network; 

if an update to the set of policies is necessary, the policies are updated 
during the time that the intermittent link has connection with the terrestrial-based 
system; and 

the onboard security manager maintains an indicator of a current 
operational state of each one of the plurality of network user access points of the 
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onboard network, wherein the indicator indicates whether at least one of the following 
conditions is present: 

a normal state of operational for the onboard network; 

a suspect operational state wherein an intrusion event is 
suspected; and 

a disconnect state in which access by a user of a specific 
one of the user access points is being prevented. 

29. (Cancelled) 

30. (Previously Presented) The security system as recited in claim 28, 
wherein the onboard security manager notifies the terrestrial-based system when the 
potential intrusion event is detected. 

31. (Previously Presented) The security system as recited in claim 28, 
wherein the action comprises preventing access to the onboard network from a selected 
one or more of the user access points from the onboard network. 

32-33. (Cancelled) 

34. (Currently Amended) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising; 
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an onboard network accessible to a plurality of users; 

an intrusion detection system onboard the mobile platform for monitoring the 
onboard network for detecting if a potential intrusion event has occurred; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies, the action able to be directed to at least a selected one of a plurality of 
user access points on the onboard network; 

wherein the action includes one of: 

notifying a particular user on the onboard network that a suspected 
intrusion event has occurred; or 

blocking access by the particular user to the onboard network; 

the security system further being adapted to provide a status indication as to a 
status of the onboard network , 

35. (Previously Presented) The security system recited in claim 34, wherein 
the onboard security management system receives updates to said security policies 
from the terrestrial-based system while said intermittent link is operational. 

36. (Previously Presented) The security system recited in claim 34, wherein 
the onboard security management system notifies the terrestrial-based system that a 
potential intrusion event has occurred. 
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37. (Previously Presented) The security system recited in claim 34, where the 
action taken by the onboard security management system further includes installing a 
network traffic blocking filter on said user access point on which a potential intrusion 
event has occurred. 

38. (Currently Amended) A method for monitoring an onboard network on a 
mobile platform, in which the onboard network is in intermittent communication with a 
terrestrial-based system, the method comprising: 

providing a plurality of network access points to users on the mobile platform; 

monitoring the onboard network to detect for an intrusion event; and 

using a security management system onboard the mobile platform, and 
responsive to notification of an intrusion event, to initiate a security action to address the 
intrusion event, in accordance with a set of security policies , where the security action 
can be directed to one or more selected access points on the network; and 

indicating an operational status of the network . 

39. (Previously Presented) The method recited in claim 38, further comprising 
updating the security policies while the onboard network is in communication with the 
terrestrial-based system. 
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